
United States Patent and Trademark Office

UNITED STATES DEPARTMENT OF COMMERCE
Address: COMMISSIONER OF PATENTS AND TRADEMARKS
Washington, D.C. 20231
www.uspto.gov



APPLICATION NO.: 09/482,156
FILING DATE: 01/12/2000
FIRST NAMED INVENTOR: Jonathan Trostle
ATTORNEY DOCKET NO.: 50325-080
CONFIRMATION NO.: 6624



29989 7590 11/08/2002 

HICKMAN PALERMO TRUONG & BECKER, LLP 
1600 WILLOW STREET 
SAN JOSE, CA 95125



EXAMINER: SHERR, CRISTINA O
ART UNIT: 3621
PAPER NUMBER:
DATE MAILED: 11/08/2002



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 07-01) 



Office Action Summary

Application No.: 09/482,156
Applicant(s): TROSTLE ET AL.
Examiner: Cristina O Sherr
Art Unit: 3621



The MAILING DATE of this communication appears on the cover sheet with the correspondence address

Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE MONTH(S) FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed after SIX (6) MONTHS from the mailing date of this communication.
- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.
- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.
- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any earned patent term adjustment. See 37 CFR 1.704(b).

Status

1) [X] Responsive to communication(s) filed on 22 August 2002.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-30 is/are pending in the application.
4a) Of the above claim(s) is/are withdrawn from consideration.
5) [ ] Claim(s) is/are allowed.
6) [X] Claim(s) 1-30 is/are rejected.
7) [ ] Claim(s) is/are objected to.
8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.
10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
11) [ ] The proposed drawing correction filed on is: a) [ ] approved b) [ ] disapproved by the Examiner.
If approved, corrected drawings are required in reply to this Office action.
12) [ ] The oath or declaration is objected to by the Examiner.

Priority under 35 U.S.C. §§ 119 and 120

13) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some* c) [ ] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. .
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.
14) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application).
a) [ ] The translation of the foreign language provisional application has been received.
15) [ ] Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121.
Attachment(s)

1) [X] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [ ] Information Disclosure Statement(s) (PTO-1449) Paper No(s).
4) [ ] Interview Summary (PTO-413) Paper No(s).
5) [ ] Notice of Informal Patent Application (PTO-152)
6) [ ] Other:



U.S. Patent and Trademark Office
PTO-326 (Rev. 04-01)
Part of Paper No. 9





Application/Control Number: 09/482,156 
Art Unit: 3621 






DETAILED ACTION 



1. Claims 1-6, 8, 10, 17, 19-20, 23-24, and 26-29 have been amended in this
action. Claims 1-30 remain pending.



2. Applicant's arguments filed 22 August 2002 have been fully considered but are 
not persuasive. 

3. Applicant argues that Dondeti has no teaching of an event server as claimed. 
Examiner respectfully directs Applicant's attention to Col. 3 on 19-35. 



4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Dondeti et al (US 6,240,188 B1) in view of OToole, jr. et al (US 6,279,112 B1).

6. Dondeti discloses a method for securely establishing communication in a 
multicast group of nodes of a network, in which the network includes publisher nodes, 
subscriber nodes, a multi-master directory that stores information about events in the 
network and that can authenticate the subscriber nodes and the publisher nodes, 
whereby each of the subscriber nodes and the publisher nodes receives a unique 
private key and that can determine events that the subscribers and the publishers may 
process, the method comprising the steps of registering the subscribers and the 
publishers with an event server configured to determine whether the publishers are
authorized to produce certain events corresponding to the event types and whether the 
subscribers are authorized to receive the certain events in response to the step of 
accessing; generating, with the event server, a group session key for establishing one 
of the multicast groups, the group session key being encrypted in a message that has a 
prescribed format (Col. 3 on 19-35); further comprising the steps of receiving a 
message from the subscribers in response to the subscribers determining whether the 
received message corresponds to a correct key version; updating the group session 
key; and selectively reregistering the subscribers at the event server (Col. 3 on 19-35); 
wherein the prescribed format of the message conforms with lightweight directory 
access protocol (LDAP) (Col. 3 on 19-35); wherein the prescribed format of the 
message comprises a protocol version number field, a message type field, and a 
message length field (Col. 3 on 19-35); wherein the step of authenticating comprises 
controlling access by the directory in conjunction with utilizing an external authentication 
service that allows extending membership of the multicast groups to subscribers with no 
corresponding objects in the directory (Col. 3 on 19-35); wherein the external 
authentication service is supplied by a Kerberos server (Col. 3 on 19-35); wherein the 
event server manages the private keys of the subscribers and the publishers (Col. 3 on 
19-35); wherein the step of updating comprises creating a new group session key;
modifying the objects based upon the new group session key by using a change 
password protocol; sending a new message that contains the new group session key to 
the subscribers; and notifying the subscribers to reregister (Col. 3 on 19-35). 

7. Dondeti does not, however, disclose a method as recited in Claim 1, above,
wherein the step of registering comprises performing access control check of the
subscribers by the event server (OToole, col. 11, ln 9 - 34). OToole, however, does,
as noted above. It would be obvious to one of ordinary skill in the art to combine the 
teachings of Dondeti and OToole to obtain greater security in the distribution of data 
over a network. 

8. Claims 10 - 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Dondeti et al (US 6,240,188 B1) in view of OToole, jr. et al (US 6,279,112 B1).

9. Dondeti discloses a communication system for creating a plurality of secure 
multicast groups in a network that includes a plurality of principals configured for 
functioning as a subscriber and a publisher, each of the principals having a private key, 
a multi-master directory comprising a directory server for communicating with one or 
more of the principals to authenticate each of the principals and to provide access 
control, the multi-master directory controlling access on a per object and per attribute 
basis, the communication system comprising an event server coupled to the plurality of 
principals for registering the plurality of principals and for determining whether the 
principals are authorized to produce certain events when the principals are functioning 
as publishers and whether the principals are authorized to receive the certain events 
when the principals are functioning as subscribers, and means in the event server for 
creating a group session key for establishing one of the multicast groups, by distributing 
the group session key in an encrypted message to the subscribers, the encrypted 
message encapsulating the group session key according to a prescribed format; means 
in the event server for updating the group session key by utilizing a change password
protocol to modify an object in the directory; means in the event server for notifying the 
subscribers to reregister in response to the updating of the group session key (Col. 3 on 
19-35); wherein the directory server is collocated with the event server, the directory 
server and the event server participating in a common one of the multicast groups (Col. 
3 on 19-35); wherein the prescribed format of the message conforms with lightweight 
directory access protocol (LDAP) (Col. 3 on 19-35); wherein the directory authenticates 
by controlling access in conjunction with utilizing an external authentication service that 
allows extending membership of the multicast groups to subscribers with no 
corresponding objects in the directory (Col. 3 on 19-35); wherein the external 
authentication service is supplied by a Kerberos server (Col. 3 on 19-35); wherein the 
prescribed format of the message comprises a protocol version number field, a 
message type field, and a message length field (Col. 3 on 19-35); wherein the event 
server manages the private keys (Col. 3 on 19-35); wherein the event server updates 
the group session key by performing the steps of creating a new group session key; 
modifying the objects based upon the new group session key by using a change 
password protocol; sending a new message that contains the new group session key to 
the subscribers; and notifying the subscribers to reregister (Col. 3 on 19-35). 

10. Dondeti does not, however, disclose a system as recited in Claim 10, above,
wherein the event server performs access control check of the subscribers during
registration of the subscribers (OToole, col. 11, ln 9 - 34). OToole, however, does, as
noted above. It would be obvious to one of ordinary skill in the art to combine the
teachings of Dondeti and OToole to obtain greater security in the distribution of data
over a network. 

11. Claims 19 - 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Dondeti et al (US 6,240,188 B1) in view of OToole, jr. et al (US 6,279,112 B1).

12. Dondeti discloses a computer system for establishing multiple secure multicast 
groups, the computer system comprising a communication interface for communicating 
with a plurality of nodes and for interfacing a multi-master directory to authenticate the 
computer system and the plurality of nodes, the multi-master directory having access 
controls on a per object and per attribute basis, wherein the nodes access the directory 
to determine events that the nodes may process, a bus coupled to the communication 
interface for transferring data; one or more processors coupled to the bus for selectively 
generating a group session key and private keys corresponding to the plurality of nodes, 
the group session key being updated by utilizing a change password protocol to modify 
an object corresponding to the events in the directory; and a memory coupled to the one 
or more processors via the bus, the memory including one or more sequences of 
instructions which when executed by the one or more processors cause the one or 
more processors to perform the steps of registering the plurality of nodes, determining 
whether the nodes are authorized to produce and authorized to receive certain events 
corresponding to objects of the directory, distributing the group session key to the nodes 
via a message, the message encapsulating the group session key according to a 
prescribed format, and selectively reregistering the nodes in response to updating the 
group session key (Col. 3 on 19-35); wherein the directory server is collocated with the 
event server, the directory server and the event server participating in a common one of
the multicast groups (Col. 3 on 19-35); wherein the prescribed format of the message 
conforms with light weight directory access protocol (LDAP) (Col. 3 on 19-35); wherein 
the directory authenticates by using authentication services of the directory in 
conjunction with a Kerberos service that allows extending membership to the multicast 
groups to nodes with no objects in the directory (Col. 3 on 19-35); wherein the event 
server manages private keys of the plurality of nodes (Col. 3 on 19-35); wherein the 
event server updates the group session key by performing the steps of creating a 
new group session key; modifying the objects based upon the new group session key 
by using a change password protocol; sending a new message that contains the new 
group session key to the subscribers; and notifying the subscribers to reregister (Col. 3 
on 19-35). 

13. Dondeti does not, however, disclose a system as recited in Claim 19, above, 
wherein the computer system performs access control check of the nodes during 
registration (OToole, col. 11, ln 9 - 34). OToole, however, does, as noted above. It
would be obvious to one of ordinary skill in the art to combine the teachings of Dondeti 
and OToole to obtain greater security in the distribution of data over a network. 

14. Claims 26-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Dondeti et al (US 6,240,188 B1) in view of OToole, jr. et al (US 6,279,112 B1).

15. Dondeti discloses a computer-readable medium carrying one or more sequences 
of instructions for securely establishing communication in a multicast group of nodes of 
a network, in which the network includes publisher nodes, subscriber nodes, a
multi-master directory that stores information about events in the network and that can
authenticate the subscriber nodes and the publisher nodes, whereby each of the 
subscriber nodes and the publisher nodes receives a unique private key and that can 
determine events that the subscribers and the publishers may process, wherein 
execution of the one or more sequences of instructions by one or more processors 
causes the one or more processors to perform the steps of registering the subscribers 
and the publishers with an event server, the event server determining whether the 
publishers are authorized to produce certain events corresponding to the event types 
and whether the subscribers are authorized to receive the certain events in response to 
the step of accessing; generating a group session key for establishing one of the 
multicast groups, the group session key being encrypted in a message that has a 
prescribed format (Col. 3 on 19-35); further comprising the steps of receiving a 
message from the subscribers in response to the subscribers determining whether the 
received message corresponds to a correct key version; updating the group session 
key; and selectively reregistering the subscribers at the event server (Col. 3 on 19-35); 
wherein the step of (Col. 3 on 19-35); authenticating comprises controlling access by 
the directory in conjunction with (Col. 3 on 19-35); utilizing an external authentication 
service that allows extending membership of the multicast groups to subscribers with no 
corresponding objects in the directory (Col. 3 on 19-35); wherein the step of updating 
comprises creating a new group session key; modifying the objects based upon the new 
group session key by using a change password protocol; sending a new message that 
contains the new group session key to the subscribers; and notifying the subscribers to
reregister (Col. 3 on 19-35). 

16. Dondeti does not, however, disclose a medium as recited under claim 26, above, 
wherein the step of registering comprises performing access control check of the 
subscribers by the event server (OToole, col. 11, ln 9 - 34). OToole, however, does,
as noted above. It would be obvious to one of ordinary skill in the art to combine the 
teachings of Dondeti and OToole to obtain greater security in the distribution of data 
over a network. 

Conclusion 

17. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

18. Kocher et al (US 6,289,455 B1) discloses a method and apparatus for preventing
piracy of digital content. 

19. Aronberg et al (US 6,117,188 A) discloses a system and method using token
processing to control software distribution and desktop management in a computer 
network environment. 

20. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

21. A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

22. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Cristina O Sherr whose telephone number is 703-305- 
0625. The examiner can normally be reached on Monday through Friday 8:30 to 5:00. 

23. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on 703-305-9768. The fax phone 
numbers for the organization where this application or proceeding is assigned are 703- 
305-7687 for regular communications and 703-305-7687 for After Final 
communications. 

24. Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305- 
3900. 



November 3, 2002 




